Auto-Update: 2025-02-15T09:00:23.377436+00:00

2025-05-07 19:16:29 +00:00 · 2025-02-15 09:03:52 +00:00 · 2025-02-15 09:03:52 +00:00 · 1e091542b8
commit 1e091542b8
parent 910e113746
3 changed files with 73 additions and 10 deletions
--- a/CVE-2024/CVE-2024-135xx/CVE-2024-13513.json
+++ b/CVE-2024/CVE-2024-135xx/CVE-2024-13513.json
@ -0,0 +1,64 @@
+{
+  "id": "CVE-2024-13513",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-02-15T08:15:07.790",
+  "lastModified": "2025-02-15T08:15:07.790",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Oliver POS \u2013 A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.2.3 via the logging functionality. This makes it possible for unauthenticated attackers to extract sensitive data including the plugin's clientToken, which in turn can be used to change user account information including emails and account type. This allows attackers to then change account passwords resulting in a complete site takeover. Version 2.4.2.3 disabled logging but left sites with existing log files vulnerable."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-862"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/oliver-pos/trunk/includes/models/class-pos-bridge-user.php#L373",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3234731%40oliver-pos%2Ftrunk&old=3056051%40oliver-pos%2Ftrunk&sfp_email=&sfph_mail=",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bf6b7d8d-fb13-4eb4-b0b4-d0a10ad2a21e?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2025-02-15T07:00:19.215999+00:00
+2025-02-15T09:00:23.377436+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2025-02-15T06:15:36.847000+00:00
+2025-02-15T08:15:07.790000+00:00
 ```

 ### Last Data Feed Release
@ -33,16 +33,14 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-281456
+281457
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `3`
+Recently added CVEs: `1`

- [CVE-2024-13208](CVE-2024/CVE-2024-132xx/CVE-2024-13208.json) (`2025-02-15T06:15:35.800`)
- [CVE-2024-13306](CVE-2024/CVE-2024-133xx/CVE-2024-13306.json) (`2025-02-15T06:15:36.847`)
- [CVE-2025-1302](CVE-2025/CVE-2025-13xx/CVE-2025-1302.json) (`2025-02-15T05:15:11.683`)
+- [CVE-2024-13513](CVE-2024/CVE-2024-135xx/CVE-2024-13513.json) (`2025-02-15T08:15:07.790`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -246324,7 +246324,7 @@ CVE-2024-13203,0,0,185596fd55da2cd2b39bf258cd979d62bae493829dc274cf47040e63f44d1
 CVE-2024-13204,0,0,2077568adc3d1587266daf90f54daa05715b1fd3b8ad1ca02bbf94d99d7b0f77,2025-01-09T03:15:24.603000
 CVE-2024-13205,0,0,a2c24bfcb6dabf141ebfc05101bd5868750a3f91da2d75e38e38d8f789252bb5,2025-01-10T13:15:09.097000
 CVE-2024-13206,0,0,2ac2a8a2c5e17df449daefc0b8deb33d1fbcb984155fe913a475753b12e53f67,2025-01-09T04:15:10.990000
-CVE-2024-13208,1,1,fed430bfef97c2d1e1328bc5a8bcff93b3b94a17fc12d3d87dbe8c1af38bad17,2025-02-15T06:15:35.800000
+CVE-2024-13208,0,0,fed430bfef97c2d1e1328bc5a8bcff93b3b94a17fc12d3d87dbe8c1af38bad17,2025-02-15T06:15:35.800000
 CVE-2024-13209,0,0,14bbd70ee1fa73e35942ca670bb7c13c7db5eae6860ff3be2b6ad90a0b86296f,2025-01-09T04:15:11.683000
 CVE-2024-1321,0,0,30e32da96fca5d7cb6d75d56eec50ed4acda46aa46332d8960f720d659578da6,2025-01-15T18:27:07.990000
 CVE-2024-13210,0,0,127e3de5b01fd275f14befb3eb9083d2caebd6f189a1117ba2466bb322bd39c0,2025-01-09T04:15:11.890000
@ -246425,7 +246425,7 @@ CVE-2024-13302,0,0,c2e2f829e272ce3710b30cde276e1b51b430dd27cc63cc0d3e8565746bc82
 CVE-2024-13303,0,0,45400694ac4670f48d80d8a7e39a4bc849293c35e8276e2742f48056b9fcfa36,2025-01-10T18:15:20.910000
 CVE-2024-13304,0,0,24b1a36018af16d753703a5b5b1bb932f9f36c2f21a7231aac95060bf05434cb,2025-01-10T18:15:21.263000
 CVE-2024-13305,0,0,3a4cf301307578a6e63a4f0538c798b9e10f6efb81525d14d4ca11f02d0c6cd6,2025-01-10T17:15:16.820000
-CVE-2024-13306,1,1,b7e9c2bd3b83ce0486541be1a3e6027bef482e4c8e2f02e1dec76933e55b5ad4,2025-02-15T06:15:36.847000
+CVE-2024-13306,0,0,b7e9c2bd3b83ce0486541be1a3e6027bef482e4c8e2f02e1dec76933e55b5ad4,2025-02-15T06:15:36.847000
 CVE-2024-13308,0,0,5a7c5de49dea6dce6146be04ca3299c64c19e3ab1de1461d50a35b802bb7ee20,2025-01-30T22:15:08.723000
 CVE-2024-13309,0,0,0b3b8b334a1de7768f2a2e87180e2cff3c33f0ede7bad89f9b0bac93a7d10749,2025-01-30T22:15:08.880000
 CVE-2024-1331,0,0,b8018aa4d406613d3ec27aefa47c4e3b21af15db4ddfb753850f1de6f3ba1fdc,2024-11-21T08:50:21.027000
@ -246569,6 +246569,7 @@ CVE-2024-1351,0,0,405f7ca5457b566dd144bafd06aaa6f59a3ff04b5a8a69549d30c39336936f
 CVE-2024-13510,0,0,bf025b224548dff5677e13c6095ef04edc46d236692642ff5d521730071b549d,2025-02-04T10:15:08.167000
 CVE-2024-13511,0,0,8b315badaeb5a615c739271a3e79d1cb9a54c1aaf05d6bc1436615af32fdbe24,2025-02-05T18:22:40.217000
 CVE-2024-13512,0,0,15b524ef140c14d839848665047eaf39bfa9911689193bf2e25f735ef0c619c4,2025-01-31T18:08:22.743000
+CVE-2024-13513,1,1,9532be29dd949592136094366981443369989c9721b2baeb94407f59e57ccce9,2025-02-15T08:15:07.790000
 CVE-2024-13514,0,0,9ea9c943c8c862a90b064c6b687870de6d99753ab2446cc014bc97f56be09316,2025-02-04T08:15:28.777000
 CVE-2024-13515,0,0,aca8f7e0638fd7d821357389659621eb450217319a62bd2c5a959e9c0aea1b39,2025-01-18T06:15:26.410000
 CVE-2024-13516,0,0,5ffb65a61f80c9c94522737749ad7061abe4071a127f73ee8fe2d406cf9b6f3f,2025-01-18T06:15:27.627000
@ -279257,7 +279258,7 @@ CVE-2025-1270,0,0,236281c7e2f02c32874e4e3709dfb4e8e9ebb69fe161a8786e8aa1222fe115
 CVE-2025-1271,0,0,5d817e390688ef07b23033305a3d61b54ec7909b543740a3f3f14f0970450461,2025-02-13T13:15:09.433000
 CVE-2025-1283,0,0,e0bfe5d939a3d4bf1cd2099051e27f05a10fae661af34307090edba35da62446,2025-02-13T22:15:11.413000
 CVE-2025-1298,0,0,c241b07b63fa1a12db4bf2cbddc777a3c460534a51a196b1be44ba87a34980ab,2025-02-14T08:15:30.877000
-CVE-2025-1302,1,1,80ab185ad47640442cc52c9cc763e0a51ea23219a81264b6e3df3c8afc9e7cea,2025-02-15T05:15:11.683000
+CVE-2025-1302,0,0,80ab185ad47640442cc52c9cc763e0a51ea23219a81264b6e3df3c8afc9e7cea,2025-02-15T05:15:11.683000
 CVE-2025-20014,0,0,9692e5cd581a413def58e50a6734c5a89401a76673de37fc6a41ad824a4429cc,2025-01-29T20:15:35.207000
 CVE-2025-20016,0,0,6fccb84eb01c2cd66b422e82777f9738bfe5004121e1b551d0ae454724543c0e,2025-01-14T10:15:07.500000
 CVE-2025-20029,0,0,58d0a26aacf6cc700c9707f22937d4a9fd06e9e8ac5a17ed011c7efb874a7f40,2025-02-05T18:15:29.573000